Test/Evaluation: Memory Integrity Attack Simulation

This task will create an attack simulation towards memory integrity violation:

  • OS: Linux
  • Arch: x86_32
  • Application: User mode
  • Details:
    • Have App A be the attacker application that modifies App B memory contents (code and/or data)
    • App B can be a CPS controller application for example
    • Create the following repository: https://github.com/uberspark/tests-and-evaluation.git
    • Host simulated attack sources within folder simulated-attacks/mem-integrity
    • Get App B memory map and be able to poke (write) to code and/or data; we can assume su privileges for App A
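The "get App B memory map" step, as an added example (not part of the original thread or of the uberspark repository): a parser for the Linux `/proc/<pid>/maps` format that labels each region as code or data, so a test harness knows which regions to baseline and check for integrity. The sample map, the path `/home/user/app_b` and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in /proc/<pid>/maps format (not captured from a real process).
SAMPLE_MAPS = """\
08048000-08049000 r-xp 00000000 08:01 131090     /home/user/app_b
08049000-0804a000 r--p 00000000 08:01 131090     /home/user/app_b
0804a000-0804b000 rw-p 00001000 08:01 131090     /home/user/app_b
0955f000-09580000 rw-p 00000000 00:00 0          [heap]
b7e1c000-b7fd0000 r-xp 00000000 08:01 262244     /lib/i386-linux-gnu/libc-2.27.so
bffdf000-c0000000 rwxp 00000000 00:00 0          [stack]
"""

class Region(NamedTuple):
    start: int
    end: int
    perms: str
    path: str

# Fields: start-end, perms, offset, dev, inode, optional pathname.
LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)

def parse_maps(text):
    """Return a Region for every well-formed line; skip anything else."""
    regions = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            regions.append(Region(int(m[1], 16), int(m[2], 16), m[3], m[4].strip()))
    return regions

def classify(region):
    """Label a region by the permissions that matter for integrity checks."""
    writable, executable = "w" in region.perms, "x" in region.perms
    if writable and executable:
        return "writable+executable"  # should not exist in a hardened build
    if executable:
        return "code"                 # contents should never change at run time
    return "data" if writable else "read-only"

def wx_regions(text):
    """Regions that are both writable and executable."""
    return [r for r in parse_maps(text) if classify(r) == "writable+executable"]

if __name__ == "__main__":
    for r in parse_maps(SAMPLE_MAPS):
        print(f"{r.start:08x} {r.end - r.start:>8} {classify(r):<20} {r.path}")
```

To inspect a live process instead of the sample, pass the contents of `/proc/self/maps` (or another PID's file, given permission to read it) to `parse_maps`.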

I am working on a model where we have a socket client (App A) connect to a socket server (App B) and send data via the socket, which makes the server app jump to a function that can alter the behavior of the socket server application (App B). This approach uses a buffer overflow and is one way to call a function that can change the memory integrity of the running process B. This is one way to achieve a successful attack. If this is accepted, then we can use the mechanism for our experiments.

I am not sure if this may be directly applicable to our case. Here App B may be a CPS controller application which may or may not have buffer overflow vulnerabilities. I was thinking we can go for a more direct form of attack where we assume the attacker gains control of App A with su privileges and can directly overwrite App B memory without necessarily having to exploit a weakness in App B.

Hope that makes sense.

@antonhristozov, of course, please feel free to stick in the buffer overflow attack as well in perhaps a memsafety folder within the tests-and-evaluation.git repo. That might come in handy at some point when we want to demonstrate memory safety properties (such as buffer overflow).


Came across the following while on this thread:

Might be helpful as we make progress. Thanks!

I read this post and it looks straightforward to modify the heap of a running process by knowing its process ID and using the /proc filesystem. I will try to reproduce the example first and then move this code to the repository.

Super. Thanks a bunch @antonhristozov!

https://github.com/uberspark/tests-and-evaluation was created.
I ported the example from here:
The Python file had a run time error which I fixed.
Ran the test successfully as presented on the website.
Created a README.txt file with detailed instructions on how to use this test.
Looks like one definite possibility, because of its simplicity.

Great. Thanks @antonhristozov!

I have set up the repository https://github.com/uberspark/tests-and-evaluation.git such that further updates will need to be done via pull requests (PRs). This will allow us to keep track of future changes and review them before merging.

I am closing this task thread.